Found some really good WordPress security tips a while ago:

Directories should not be left open for public browsing.

There is a potential problem letting people know what plug-ins you have, or what versions they are. If there is some known exploit that is linked to a plug-in, it could be easy enough for someone to use it to their advantage.

To test whether your site is vulnerable to this issue, just go to http://<your_site>/wp-content/plugins
Your site SHOULDN’T be listing all the plug-ins available on your site.

It’s fairly simple to protect your WordPress installation from public browsing:
1. Make an empty wp-content/plugins/index.html file
Or
2. Add this line to the .htaccess file in your site root:
Options -Indexes
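The browser test above can be scripted for your own site. This is an added example, not part of the original post: it flags Apache-style "Index of /" pages and tells the two fixes apart (an empty index.html answers 200 with no listing, while disabling Indexes answers 403). Every path other than wp-content/plugins/, and all function names, are assumptions.

```python
import re
import sys
import urllib.error
import urllib.request

# Server-generated listing pages (Apache mod_autoindex) are titled "Index of /...".
AUTOINDEX = re.compile(r"<title>\s*Index of /", re.IGNORECASE)

# Only wp-content/plugins/ comes from the post; the rest are assumed
# standard WordPress directories worth checking the same way.
PATHS = ["wp-content/plugins/", "wp-content/themes/", "wp-content/uploads/"]


def classify(status, body):
    """Return 'listing', 'forbidden' or 'no-listing' for one HTTP response."""
    if status == 200 and AUTOINDEX.search(body):
        return "listing"        # directory contents are publicly browsable
    if status == 403:
        return "forbidden"      # what the .htaccess fix produces
    return "no-listing"         # e.g. an empty index.html served with 200


def fetch(url, timeout=10):
    """GET url and return (status, body); HTTP error codes are results."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def audit(base_url, fetcher=fetch):
    """Map each directory in PATHS to its verdict for the site at base_url."""
    base = base_url.rstrip("/") + "/"
    return {path: classify(*fetcher(base + path)) for path in PATHS}


# Constructed sample bodies (not captured from a real site).
SAMPLE_LISTING = "<html><head><title>Index of /wp-content/plugins</title></head></html>"
SAMPLE_EMPTY_INDEX = ""

if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python check_listing.py http://<your_site>
    for path, verdict in audit(sys.argv[1]).items():
        print(f"{verdict:10} {path}")
```

A site that only has the empty index.html in wp-content/plugins/ will still report "listing" for any other directory without an index file, which is the case the .htaccess line covers.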


Comments

  1. From dirn on November 10th, 2008 at 11:02 pm

    thanks bro…

  2. From azlan on November 10th, 2008 at 11:10 pm

    good info… I only just found out how.. it really shows that I'm too lazy to read… muahahah

  3. From dirn on November 10th, 2008 at 11:14 pm

    we're the same, lan… :P

  4. From nazham on November 10th, 2008 at 11:15 pm

    May your blogs be safe. :)

  5. From Kathy @ Virtual Impax on November 12th, 2008 at 5:33 am

    EXCELLENT advice. My other “favorite” security plug in for Wordpress is Login LockDown from Bad Neighborhood!

  6. From nazham on November 12th, 2008 at 6:58 am

    Yup, that’s a very important security plugin to prevent brute-force attacks.

  7. From Yoko on November 12th, 2008 at 12:00 pm

    Good info!!! Thanks for sharing.
